cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dennis Sosnoski <...@sosnoski.com>
Subject Re: Configuring symmetric binding
Date Fri, 24 Dec 2010 03:59:23 GMT
Looks like something changed post 2.2.8 - I get the same error you
reported when I try using my sample code with 2.3.1, and also with
2.2.10, though it works with 2.2.8. The best thing to do is to enter a
Jira and attach the CXF sample code from the article, and try using
2.2.8 (available from the archive, look for the link on the download
page) for now.

  - Dennis


On 12/24/2010 04:13 PM, John Franey wrote:
> Dennis, Glen,
>
> I would rate my experience level as "uninitiated".  Thanks for taking the
> time to help me get some legs.
>
>
> On Thu, Dec 23, 2010 at 6:00 PM, Dennis Sosnoski <dms@sosnoski.com> wrote:
>
>   
>> John, you might try downloading the sample code from the
>> SymmetricBinding article referenced by Glen
>> (http://www.ibm.com/developerworks/java/library/j-jws17/index.html) as a
>> basis for trying your policy. First build and test the supplied sample
>> using your CXF installation, then substitute your policy for the one in
>> the sample code WSDL. Hopefully that could help you find the cause of
>> the problems.
>>
>>
>>     
> I ran the SecureConversation example because that matches the policy my
> target service setting.
>
> Tomcat 5.5.31, jdk 1.6.0_22, linux ubuntu 10.10, cxf 2.3.1,
> dennis' war: cxf-seismic-scencr.war,
>
> client run command: ant  run-scencr
>
> I got this exception (server side log):
>
>  Dec 23, 2010 9:32:28 PM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for {
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/wsdl}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/wsdl}RequestSecurityTokenhas
> thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: Action
> http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT not supported
> at
> org.apache.cxf.ws.addressing.MAPAggregator.mediate(MAPAggregator.java:572)
> at
> org.apache.cxf.ws.addressing.MAPAggregator.handleMessage(MAPAggregator.java:227)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
> at
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:113)
> at
> org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:97)
> at
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:461)
> at
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:188)
> at
> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148)
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
> at
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>
> I took up Glen's hint and put cxf-rt-ws-security*.jar and
> cxf-rt-ws-policy*.jar from ${cxf-home}/modules into the war.  And got the
> same exception.
>
> How shall I interpret this exception?  Do I need another module?
>
> The comment from the article that "CXF was the only stack that worked
>   
>> with the policy as written." only applied to the WS-SecureConversation
>> policy shown in Listing 2. WS-SC configurations tend to be more
>> failure-prone than regular WS-Security configurations, in my experience,
>> since there are more "moving parts" involved in the operation. All three
>> of the stacks I tried were able to handle the basic SymmetricBinding
>> configuration.
>>
>>  - Dennis
>>
>> Dennis M. Sosnoski
>> Java SOA and Web Services Consulting <http://www.sosnoski.com/consult.html
>>     
>>>       
>> Axis2/CXF/Metro SOA and Web Services Training
>> <http://www.sosnoski.com/training.html>
>> Web Services Jump-Start <http://www.sosnoski.com/jumpstart.html>
>>
>>
>> On 12/24/2010 10:26 AM, Glen Mazza wrote:
>>     
>>> If *could* be your service provider is not detecting the
>>> SymmetricBinding tag because two additional libraries need to be
>>> declared in your web.xml:
>>> http://www.jroller.com/gmazza/entry/cxf_x509_profile_secpol (see the
>>> section on |contextConfigLocation|, it will point you to a username
>>> token article.)
>>>
>>> HTH,
>>> Glen
>>>
>>>
>>>
>>>
>>> On 23.12.2010 16:20, John Franey wrote:
>>>       
>>>> Thanks.
>>>>
>>>> On Thu, Dec 23, 2010 at 4:01 PM, Glen Mazza<glen.mazza@gmail.com>
>>>> wrote:
>>>>
>>>>         
>>>>> On http://www.sosnoski.com/articles.html, I think you'll want the 2nd
>>>>> article:WS-Security without client certificates<
>>>>> http://www.ibm.com/developerworks/java/library/j-jws17/index.html>
>>>>>
>>>>> This statement from that article is why I am wanting to use CXF:
>>>>> "CXF was
>>>>>           
>>>> the only stack that worked with the policy as written."
>>>>
>>>> The policy I am consuming looks much like the ones in his article.
>>>> So, I'm
>>>> expecting success.  I believe symmetric binding is supported.
>>>>
>>>> Should I conclude that the 'right wsdl' is enough to activate symmetric
>>>> binding?  or is there some other configuration needed?
>>>>
>>>> The message "SymmetricBinding not supported" implies the latter, I
>>>> think.
>>>>
>>>>
>>>> HTH,
>>>>         
>>>>> Glen
>>>>>
>>>>>
>>>>>
>>>>> On 23.12.2010 15:32, John Franey wrote:
>>>>>
>>>>>           
>>>>>> I believe symmetric binding policy is supported in cxf 2.3.1, but
>>>>>> this log
>>>>>> message says no:
>>>>>>
>>>>>> [PolicyEngineImpl] Alternative {
>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}SymmetricBinding
>>>>>>             
>> <http://schemas.xmlsoap.org/ws/2005/07/securitypolicy%7DSymmetricBinding
>>     
>>> is
>>>       
>>>>>> not
>>>>>> supported
>>>>>>
>>>>>> I've been working over the cxf documentation for over a day.  I am
>>>>>> stumped.
>>>>>>
>>>>>> What do I have to do to turn on support for symmetric binding?
>>>>>>
>>>>>> I'm writing a client that will run in jbossws-cxf 3.4.0.
>>>>>>
>>>>>> Thanks,
>>>>>> John
>>>>>>
>>>>>>
>>>>>>             
>>>>> --
>>>>>
>>>>> Glen Mazza
>>>>> gmazza at apache dot org
>>>>> http://www.jroller.com/gmazza
>>>>>
>>>>>           
>>>
>>>       
>>     
>   

Mime
View raw message